[GH-ISSUE #5289] [Feature Request]: Monitor Entra ID Group Membership Changes #2540

New issue

Closed

opened 2026-03-02 13:53:10 +03:00 by kerem · 3 comments

kerem commented 2026-03-02 13:53:10 +03:00

Owner

Copy link

Originally created by @Jherndon-Xantrion on GitHub (Jan 29, 2026).
Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/5289

Please confirm:

• I have searched existing feature requests (open and closed) and found no duplicates.
• **me or my organization is currently an active sponsor of the product at the $99,- level.

Problem Statement

CIPP lacks the ability to monitor group membership changes for groups in Entra ID. This is especially important for monitoring groups that control exclusions from Conditional Access rules. Some of our clients are very large, and we can't exclude individual members in CA rules, we require groups. This means that drift templates that monitor CA rules for changes don't notify us when users are excluded from CA rules

Benefits for MSPs

This improves security for the entire MSP community. If we could generate a webhook any time group membership changes for critical groups, it would close a loop the industry has had for years. The use cases are endless

Value or Importance

It's critical. Right now, we can monitor conditional access rules with CIPP for changes.. but someone can easily work around "is my CA rule configured properly and protecting my customers logic in CIPP" simply by adding someone to a group.

PowerShell Commands (Optional)

No response

Originally created by @Jherndon-Xantrion on GitHub (Jan 29, 2026). Original GitHub issue: https://github.com/KelvinTegelaar/CIPP/issues/5289 ### Please confirm: - [x] **I have searched existing feature requests** (open and closed) and found no duplicates. - [x] **me or my organization is currently an active sponsor of the product at the $99,- level. ### Problem Statement CIPP lacks the ability to monitor group membership changes for groups in Entra ID. This is especially important for monitoring groups that control exclusions from Conditional Access rules. Some of our clients are very large, and we can't exclude individual members in CA rules, we require groups. This means that drift templates that monitor CA rules for changes don't notify us when users are excluded from CA rules ### Benefits for MSPs This improves security for the entire MSP community. If we could generate a webhook any time group membership changes for critical groups, it would close a loop the industry has had for years. The use cases are endless ### Value or Importance It's critical. Right now, we can monitor conditional access rules with CIPP for changes.. but someone can easily work around "is my CA rule configured properly and protecting my customers logic in CIPP" simply by adding someone to a group. ### PowerShell Commands (Optional) _No response_

kerem 2026-03-02 13:53:10 +03:00

• closed this issue
• added the
  enhancement
  no-priority
  not-assigned
  labels

kerem commented 2026-03-02 13:53:11 +03:00

Author

Owner

Copy link

@github-actions[bot] commented on GitHub (Jan 29, 2026):

Hello,

Thank you for your interest in improving CIPP!
To keep our development process focused and manageable, feature requests are limited to paying users. This policy helps us prioritize improvements that directly benefit those actively supporting CIPP and ensures we can sustain our development and support.

When a sponsor makes a feature request, their support covers training, development, documentation, and security checks. Allowing non-sponsor requests could lead to a backlog that slows down updates and stretches resources thin, ultimately affecting the quality and sustainability of CIPP.

While we’ve closed this request, we appreciate your input. You’re always welcome to participate in ongoing discussions or contribute to open issues. If you are a developer, feel free to open a PR that includes your feature request or comment "I’d like to work on this!" to assign the issue to yourself.

Did you get this notification in error? Reply with a screenshot of your sponsorship payment and we’ll reopen the issue.

Thank you for understanding,
The CIPP Team

<!-- gh-comment-id:3816206353 --> @github-actions[bot] commented on GitHub (Jan 29, 2026): Hello, Thank you for your interest in improving CIPP! To keep our development process focused and manageable, **feature requests are limited to paying users**. This policy helps us prioritize improvements that directly benefit those actively supporting CIPP and ensures we can sustain our development and support. When a sponsor makes a feature request, their support covers training, development, documentation, and security checks. Allowing non-sponsor requests could lead to a backlog that slows down updates and stretches resources thin, ultimately affecting the quality and sustainability of CIPP. While we’ve closed this request, we appreciate your input. You’re always welcome to participate in ongoing discussions or contribute to open issues. If you are a developer, feel free to open a PR that includes your feature request or comment "**I’d like to work on this!**" to assign the issue to yourself. **Did you get this notification in error?** Reply with a screenshot of your sponsorship payment and we’ll reopen the issue. _Thank you for understanding,_ **The CIPP Team**

kerem commented 2026-03-02 13:53:11 +03:00

Author

Owner

Copy link

@Jherndon-Xantrion commented on GitHub (Jan 29, 2026):

Hey Folks,

I'm not sponsoring as an individual, but my organization sponsors CIPP. Not sure where to pull this from, but we're paying the $99 a month and here's the welcome email I got when I signed up

<!-- gh-comment-id:3818602511 --> @Jherndon-Xantrion commented on GitHub (Jan 29, 2026): Hey Folks, I'm not sponsoring as an individual, but my organization sponsors CIPP. Not sure where to pull this from, but we're paying the $99 a month and here's the welcome email I got when I signed up <img width="1342" height="749" alt="Image" src="https://github.com/user-attachments/assets/6d82bbea-6f7b-439a-94ec-f0364ff87e89" />

kerem commented 2026-03-02 13:53:11 +03:00

Author

Owner

Copy link

@Jherndon-Xantrion commented on GitHub (Jan 29, 2026):

<!-- gh-comment-id:3818610525 --> @Jherndon-Xantrion commented on GitHub (Jan 29, 2026): <img width="1203" height="1202" alt="Image" src="https://github.com/user-attachments/assets/ca433243-524c-41b9-a93c-9c153595682e" />

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

docs

dev

dependabot/npm_and_yarn/dev/uiw/react-json-view-2.0.0-alpha.42

dependabot/npm_and_yarn/dev/tanstack/react-query-persist-client-5.96.2

dependabot/npm_and_yarn/dev/mui-tiptap-1.30.0

dependabot/npm_and_yarn/dev/tanstack/react-query-devtools-5.96.2

dependabot/npm_and_yarn/dev/recharts-3.8.1

dependabot/github_actions/dev/actions/setup-node-6.4.0

copilot/add-alert-for-report-only-ca

release/beta

release/nightly

docs-maintenance

v10.4.0

v10.3.0

v10.2.0

v10.1.0

v10.0.0

v8.8.0

v8.7.0

v8.6.0

v8.5.0

v8.4.0

v8.3.0

v8.2.0

v8.1.0

v8.0.0

v7.5.0

v7.4.0

v7.3.0

v7.2.0

v7.1.0

v7.0.1

v6.4.0

v6.3.0

v6.2.0

v6.1.0

v6.0.0

v5.9.0

v5.8.5

v5.8.0

v5.7.0

v5.6.0

v5.5.0

v5.4.0

v5.3.0

v5.2.0

v5.1.0

v5.0.0

v4.9.0

v4.8.0

v4.7.0

v.4.6.0

v4.5.0

v4.4.0

v4.3.0

v4.2.0

v4.1.0

v4.0.0

v3.8.0

v3.7.0

v3.6.0

v3.5.0

v3.4.0

v3.3.0

v3.2.0

v3.1.0

v3.0.0

v2.20.0

v2.19.0

v2.18.0

v2.17.0

v2.16.0

v2.15.0

v2.13.0

v2.12.0

v2.11.2

v2.1.11.0

v.2.10.0

v2.9.0

v2.8.0

v2.7.0

v2.6.0

v2.5.5

v2.5.0

v2.4.0

v.2.3.0

v2.2.0

v2.1.2

v2.1.1

v2.1.0

v2.0.1

2.0.0

v1.5.1

v1.5.0

v1.4.3

v1.4.2

v1.4.0

v1.3.0

v1.2.1

v1.2.0

1.1.0

release

Labels

Clear labels   

API

  

Feature

  

NotABug

  

NotABug

  

Planned

  

Sponsor Priority

  

Sponsor Priority

  

bug

  

documentation

  

duplicate

  

enhancement

  

needs more info

  

no-activity

  

no-priority

  

not-assigned

  

pull-request

Mirrored from GitHub Pull Request

  

react-conversion

  

react-conversion

  

roadmap

  

security

  

stale

  

unconfirmed-by-user

  

unconfirmed-by-user

  

wontfix

No labels

API

Feature

NotABug

NotABug

Planned

Sponsor Priority

Sponsor Priority

bug

documentation

duplicate

enhancement

needs more info

no-activity

no-priority

not-assigned

pull-request

react-conversion

react-conversion

roadmap

security

stale

unconfirmed-by-user

unconfirmed-by-user

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/CIPP#2540

No description provided.